07 Aug Is Your Hosted Cloud Phone System Recording Legally Compliant?
One of the most important features of a hosted cloud phone system is the ability to record incoming and outgoing calls for quality assurance, security, training, and record-keeping purposes.
However, it’s even more important for businesses to ensure that they are complying with prevailing rules and laws, or else they may end up facing fines, lawsuits and reputation damage.
To avoid this trifecta of pain and suffering, here are some basic facts to keep in mind when recording calls:
The most important factor is consent.
According to the Federal Communications Commission (FCC), businesses must obtain consent to record calls, regardless of whether the calling party is a customer, supplier, vendor, or anyone else.
The good news here for businesses is that, unlike other types of consent, they do not need to receive this in writing. In most states (see note below), businesses simply need to inform callers that their call is being recorded and for what purpose. Callers who choose to remain on the line are deemed to have granted their consent. Those that don’t may hang up (though this virtually never happens).
Note: At the current time, most states allow for one party to grant consent for a call to be recorded. However, there are some states that require all parties to grant consent. Currently, this list includes: California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania and Washington. Consent in these states can be granted verbally.
The party recording the call must participate.
The party that records the call must actively participate in the conversation. For example, provided that consent has been granted, ACME (maker of the world’s finest anti-roadrunner gear) can record calls for conversations involving ACME staff. However, ACME cannot outsource the recording function to a third party, nor can it transfer consent to third parties.
Note that this doesn’t mean businesses cannot allow third parties to use their hosted cloud phone system. For example, a business may allow a vendor or supplier who is on-site to use the system. However, in such cases the recording function must be disabled (which is fast and easy to do).
Only use the information for the stated purpose.
As noted above, callers must be told why their call is being recorded — e.g. quality, training, security, etc. Businesses can therefore only use the recording for those stated purposes. For example, a business that records calls for training purposes cannot hand those recordings over to the sales team in order to mine for sales opportunities. Of course, in such cases businesses can (and should) ask callers if they are open to receiving a follow-up call or email from the sales team regarding an item that comes up in the conversation.
There is no such thing as retroactive consent.
Last but not least, consent for recording a call cannot be made retroactively. For example, let’s say from March 1 to May 31, a business states that it is recording calls for training, security and quality assurance purposes. Then on June 1, it changes that messaging to include “and also for sales and marketing purposes.” The business cannot use the recordings from March 1 to May 31 for sales and marketing purposes. It can only use recordings from June 1 onwards for that purpose.